Introduction to Digital Forensics

Overview

Introduction to digital forensics is designed to help commercial and government organizations collect, preserve and report on digital artefacts in a way which is suitable for use in investigations.
The course covers the broad topics essential to the digital forensics disciplines. It sets out a framework for investigations, covering the best practice as described by The National Police Chiefs' Council (NPCC) formally ACPO guidelines. Forensic fundamentals will be covered as well as the use of open source forensic tools. The data will be then analysed and an example report produced.

Participants to this course learn about the methods to identify, preserve, analysis and report on digital artefacts. Using a mixed approach of fundamentals and open source software, delegates will be able to select suitable tools and report on their findings in an evidential way.

The introduction to digital forensic course audience includes all teams across the IT, Security, Internal Audit, Law Enforcement and Government.

IISP Skills Alignment

This course is aligned to the following Institute of Information Security Professionals (IISP) Skills. More details on the IISP skills framework can be found here.

F3

Continuous Professional Development (CPD)

CPD points can be claimed for GCT accredited courses at the rate of 1 point per hour of training for GCHQ accredited courses (up to a maximum of 15 points).

Objectives

The purpose, benefits, and key terms of digital forensics.

Describe and adhere to the principles of the forensic framework

Understand the importance of the chain of custody

Demonstrate a basic knowledge of key locations in different operating systems

Identify how different file systems represent files and how they deal with deletion etc.

Understand where timestamps and other meta data comes from

Have knowledge of the legal framework in which they operate, and the expected level of ethical behaviour expected.